True. We do that for SoftICE, that is, we add a registry entry which
DriverEntry reads. But somehow I was hoping to escape that with some of our
other drivers, we already have more registry entries than we’re comfortable
with ! Oh, well…
Alberto.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Peter Wieland
Sent: Tuesday, June 22, 2004 12:47 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
Most people put that sort of information in the system hive. It’s tied
to the OS installation already and is avaialble to boot drivers.
-p
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Tuesday, June 22, 2004 9:28 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
Hi, Peter,
Thanks for the suggestion ! The problem, however, is that I cannot delay
that file read, much of our DriverEntry initialization depends on it and
should happen very early in the game, or we won’t be able to monitor
boot drivers. It looks like I’m stuck, the information I need isn’t
available at the time I’m trying to use it, so, I’ll have to find some
other way of doing business.
Alberto.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Peter Wieland
Sent: Monday, June 21, 2004 5:21 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
If you’re loading as a boot driver the file system probably hasn’t been
mounted at the time you’re initializing, so there won’t be many files or
directories you can reference.
Setup a reinitialization callback and try then. You might be able to
use IoRegisterBootDriverReinitialization - but I think that comes before
the file-system is mounted but after the disk stacks are started. If
I’m right you’ll probably want IoRegisterDriverReinitialization.
-p
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Monday, June 21, 2004 2:07 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
I’m trying to open
“\ArcName\scsi(0)disk(1)rdisk(0)partition(3)\WINDOWS”,
which is the string that is returned from the sequence I use:
RtlInitUnicodeString(&us,“\SystemRoot”);
InitializeObjectAttributes(&oa, &us, OBJ_CASE_INSENSITIVE, NULL,
NULL);
status = ZwOpenSymbolicLinkObject(&handle, GENERIC_READ, &oa);
ZwQuerySymbolicLinkObject(handle, &ws, &length);
Of course I prime strings us and ws so that they both have a large
enough buffer to work with. At this point, Unicode String ws has the
target pointed by “\SystemRoot”, which is
“\ArcName\scsi(0)disk(1)rdisk(0)partition(3)\WINDOWS”
Now, at this point I cannot find any file or directory inside my Windows
directory, I get an error, typically file not found. I then try to
proceed by closing my handle and reopening it using the ws string, and
it doesn’t work either:
ZwClose(handle);
InitializeObjectAttributes(&ob, &ws, OBJ_CASE_INSENSITIVE, NULL,
NULL);
status = ZwOpenSymbolicLinkObject(&handle, GENERIC_READ, &ob);
This fails miserably too. Trying to do a ZwCreateFile on
“\SystemRoot\System32\Drivers\Osinfo.dat” also fails:
RtlInitUnicodeString(&xs,“\SystemRoot\System32\Drivers\Osinfo.dat”);
InitializeObjectAttributes(&oc, &xs, OBJ_CASE_INSENSITIVE, NULL,
NULL);
status = ZwCreateFile(&hf, FILE_GENERIC_READ, &oc, &sb,…);
This also fails, if “handle” is a handle to \SystemRoot that I opened
before:
RtlInitUnicodeString(&xs,“\System32\Drivers\Osinfo.dat”);
InitializeObjectAttributes(&oc, &xs, OBJ_CASE_INSENSITIVE, handle,
NULL);
status = ZwCreateFile(&hf, FILE_GENERIC_READ, &oc, &sb,…);
I get a “file not found” error. If I omit the leading slash from the xs
string, I get a “type mismatch” error.
The answer to your other question is, I’m doing it at Windows startup
time, my driver is one of the last ones that is displayed when you boot
with the /SOS flag turned on in boot.ini. And, by the way, this is DDK
3790 on Windows XP SP1.
I bet it’s something very simple, it’s just that I can’t put my finger
on it.
Alberto.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Peter Wieland
Sent: Monday, June 21, 2004 4:21 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
Are you trying to open “ArcName.…” or “\ArcName.…”?
What phase of boot are you in when you’re trying to do this?
-p
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Monday, June 21, 2004 1:06 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
Well, it must be me, but I still can’t make it work. In my machine, if I
do a ZwQuerySymbolicLinkObject on \SystemRoot, I get the string
“ArcName\scsi(0)disk(1)rdisk(0)partition(3)\WINDOWS”
which WINOBJ tells me it maps to
“Device\Harddisk1\Partition3”
but I can’t get the system to open the ArcName-based link, no matter
what I try. When I try to open the link
“ArcName\scsi(0)disk(1)rdisk(0)partition(3)”
as it comes out of a call to ZwQuerySymbolicLinkObject(), it usually
barfs with a STATUS_OBJECT_PATH_NOT_FOUND. Nor can I get it to append a
filename to the string and open it, say,
“ArcName\scsi(0)disk(1)rdisk(0)partition(3)\WINDOWS”
or else
“ArcName\scsi(0)disk(1)rdisk(0)partition(3)\WINDOWS\System32\Drivers\OSI
NFO.
DAT”
This also doesn’t work, it gives a STATUS_OBJECT_PATH_NOT_FOUND:
“\SystemRoot\Windows\System32\Drivers\Osinfo.dat”
I have tried several combinations of object strings and root directories
in the call to InitializeObjectAttributes(), and so far nothing works -
although I can open file
“\Device\Harddisk1\Partition3\Windows”
without any problem. My ignorance of the API is probably stumbling on
some very infantile issue, but I can’t put my finger on it. Depending on
how I do it, I get errors C000003B (STATUS_OBJECT_PATH_SYNTAX_BAD),
C000003A (STATUS_OBJECT_PATH_NOT_FOUND), or even C00000024
(STATUS_OBJECT_TYPE_MISMATCH). But no matter what, I cannot open the
target directory.
Suggestions, anyone ?
Alberto.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Peter Wieland
Sent: Thursday, June 10, 2004 1:27 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
C:\Documents and Settings\Peter>objdir \ Directory of: \
ArcName Directory
BaseNamedObjects Directory
…
SystemRoot SymbolicLink -
\Device\Harddisk0\Partition1\WINDOWS
…
36 entries
(…'s added by me)
The winobj we have in our source tree (I don’t know if it’s the same)
also shows SystemRoot in the root directory.
It doesn’t seem to be hidden to me.
-p
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mathieu Routhier
Sent: Thursday, June 10, 2004 10:24 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
How does it work? This symbolic link is not listed in the SysInternals
WinObj utility when I run it on my machine. Is it hidden in some way?
Mat
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Wieland
Sent: Thursday, June 10, 2004 1:06 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows System Directory String
Have you tried to query the \SystemRoot symbolic link for its target?
-p
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Thursday, June 10, 2004 7:01 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Windows System Directory String
Hi, guys,
This is an infantile question, but so far I couldn’t find the answer. Is
there any kernel-side API that allows me to get the full pathname of the
Windows\System32 directory, including the drive letter ? I have plenty
of cases here where the machine has four, five, six OS’s installed, and
it can be a bit messy to figure out which one is which. There’s an
ExpandEnvironmentStrings function in winbase.h, but it looks like this
is a user-side API, I find no reference to it in the DDK documentation
even if winbase.h seems to be included in the DDK inc directories.
Alberto.
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please notify
us immediately and then destroy it.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@cvds.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please notify
us immediately and then destroy it.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please notify
us immediately and then destroy it.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please notify
us immediately and then destroy it.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.